[RELEASE] 5.03 TIFF Hello World

[tomplast]

DELETED by myself.

P.S Assembly is nice.

 

[imported_khan]

@ Davee

Sorry, if you already have replied to a similar question.

Are you working with MaTiAz on this exploit? Eitherways, would you be making any releases, separate from MaTiAz?

Thanks

 

[tomplast]

Stupid question...

I shouldn't ask because I know it's stupid but still I have to ask, what would happend if someone tried to replace the file h.bin with let's say a homebrew version of Pong (but still call the executable file h.bin)?

I assume it would crash the PSP and you'll have to restart it (if the code executes at all), right?

 

[absan]

succesfull done this on my psp 3k...can now play game without umd..sorry i new to psp..

 

[NobodyKnows]

YouTube - PSP 3000 Hello World TIFF v2 Exploit

YouTube - PSP 3000 RUNING EXPLOIT TIFF 5.03

Works on PSP-3000k, these videos is very legit. User says he was using Firmware 5.02 on the first video

PSP Slim Hello World Exploit

I'm using my Japanese Radiant Red PSP 3000 and it seems that the exploit worked. The firmware is 5.02 if you're wondering as well.

===============
Download File
http://www.sendspace.com/file/9r2am5
===============

PSP 3000 Installation:

1) Extract the "26833_release_v2.zip" file

2) You'll see 4 files altogether inside that folder. (h.bin, phat.tiff, readme.txt, & slim.tiff)

3) Make sure you have a Memory Stick (MS) * Grab your PSP and connect to USB mode.

4) Copy the "h.bin" file onto the root of your MS. Then copy the "slim.tiff" file onto your MS_ROOT/PSP/PHOTO folder.

5) Copy any 8 random photos into your MS_ROOT/PSP/PHOTO folder. Altogether you should have 9 files in your PHOTO folder.

6) Full power down your PSP and turn it on. On the Cross Media Bar (XMB), go to "Photo" and down to "Memory Stick"; Click ENTER.

7) Wait for all the thumbnails to load. Scroll up down again and again and slowly go down until it goes into the HELLO WORLD exploit. (My video is a great example!)

Notice: It might freeze on the "XMB Photo" section, but you can keep trying until you get it right. Although this does nothing but brings you into the HELLO WORLD exploit screen, it's a good sign that it works on the PSP 3000. Until then, have fun with this experiment!

-P.S this won't screw up/break/brick your PSP 3000 system if your also wondering.

Thanks out to MaTiAz from the PSP Homebrew Scene.

This worked for me on the first try on my PSP 3004 Pearl White. It didn't on the second though.

 

[Adiuvo]

You can't do anything with the exploit yet. It's only a proof of concept.

 

[absan]

allrite..can't wait for next update..

 

[Abe Froeman]

I tried several times to get this to execute properly on my Rachet & Clank slim this morning before work. Didn't work once. I upgraded to official 5.03 just to try it out.

I'll try again after work today.

 

[deathack]

This worked for me on the first try on my PSP 3004 Pearl White. It didn't on the second though.

Can you try out my mini guide? I just wanna know if this exploit works on 3000 just as fine as 2000.. And I mean consecutively able to display Hello World..

 

[Slasher]

I shouldn't ask because I know it's stupid but still I have to ask, what would happend if someone tried to replace the file h.bin with let's say a homebrew version of Pong (but still call the executable file h.bin)?

I assume it would crash the PSP and you'll have to restart it (if the code executes at all), right?

If the homebrew was coded in asm, then yeah I'm pretty sure it would work. Renaming an eboot to h.bin and trying to run it would not work though.

 

[NobodyKnows]

Can you try out my mini guide? I just wanna know if this exploit works on 3000 just as fine as 2000.. And I mean consecutively able to display Hello World..

I got to "hello wolrd" again but I can't reproduce it, neither with your guide nor with anyone elses.
It's just luck.

EDIT: BTW I'm on FW5.02

 

[Draco]

Does anybody succeed on 4.xx 88v3?
I didn't. Then I updated to 5.02, and it works almost all time

 

[Archaemic]

A lot of the code in the h.bin looks compiled >_>
Of course, the assembly in the TIFF is hand-written. No real other way to do it.

It should be possible to compile a homebrew to work as the h.bin, but it's quite difficult. You need to pull out the .text segment, basically not use any of the other segments (I think it would be possible to use a .data segment, but it would require to post-process the binary a lot), and stick only that in the binary. You'd need to be very cautions of absolute jumps and probably replace them with relative branches, and absolute memory access is also asking for a disaster, but without a .data or .bss segment, these probably won't happen unless you're actually messing around with a specific portion of memory. You basically need to abide by these rules yourself when you're writing the h.bin in assembly anyway, but it's easier because you can do the branches yourself and avoid use of other segments already.

If you don't know what segments or relative branches are, you probably shouldn't try to write an h.bin

 

[jeerum]

Yessss, i confirm psp3004 and OFW 5.00 and exploit work
Now, can i get the hello world src code?

Kato, kato satemato
v

 

[RoBz]

Thanks Mathiaz

Mathieulh + MaTiAz?

 

[dudericious]

The only way to keep a secret ...

E] I told the other half to FreePlay shortly before this was released, so there is a chance that it might be used in this exploit (it's not in the POC, though), and if that's the case, I'll release my 4.xx exploit. Although really, I'd rather it not be used if at all possible, just in case it's possible to pull this off without it. Shame to let something like this go to waste.

The only way to keep a secret ... is to tell no one.

 

[wimat]

I got a question... I read a few pages back about a HEN. Can someone explain to me what it is? Thanks to the one who is willing to answer

 

[Draco]

I got a question... I read a few pages back about a HEN. Can someone explain to me what it is? Thanks to the one who is willing to answer

Homebrew enabler (commonly shortened to HEN) is an application that makes use of exploits on the 2.00-3.50 firmwares, and games, that allow homebrew to be launched and run from the PSP, as long as HEN is active. Often bundled with HEN would also be a downgrader allowing users to downgrade their PSP back to 1.50.

Source: Dark Alex PSP Wiki page

 

[Archaemic]

HEN means Hombrew Enabler. It basically turns off signing checks in the firmware to allow one to launch homebrew.

E] Ah, I see I'm too late

 

[wimat]

thank you, so if they make one I would be able to downgrade my PSP and install M33 or another? Any information about when it might be released?